The GDPR and Data Destruction
Confidential data shredding is about to become even more vital for businesses, as new data regulation comes into force in May.
The General Data Protection Regulation directive (GDPR) is an EU-wide directive that will make it even more essential that businesses protect the data they hold. From May this year any companies that are found to be in breach of the regulations could be fined up to £20 million or four per cent of worldwide turnover, whichever is higher.
It has been brought in to ensure that data produced within the EU is kept to certain standards even when sold outside it. That issue has become even more pressing with the recent Cambridge Analytica scandal, which revealed that many Facebook users’ data was sold without their permission and outside of the law.
The new standards will require that data destruction is considered in any data handling process by any company that holds or processes data. This includes making sure that any obsolete data is destroyed in a timely manner.
From May you will be required to record where and when you obtained all data, so that it is entirely traceable, and keep a record of the level of permission you have to hold it or use it to contact people. Any data that you can’t prove a use for should be destroyed under the GDPR regulations. This may include existing data you have from customers who have opted in to be contacted by you, if some of the data you hold on them is not relevant. Do you really need to keep a record of their gender, for example?
Many companies may have found the process of determining the origin of all of their data a challenge, so make sure that this is taken care of by the May 2018 deadline so you don’t fall foul of the law, or risk losing valuable customers.
Once data is no longer required, you should ensure that employees safely dispose of documents in shredding receptacles (that is, locked consoles or wheelie bins), and make this policy clear to all staff.
Carrying out onsite shredding or hiring a specialist data destruction company to carry out your shredding for you is the most secure way to do this. If you use a third-party data destruction specialist then make sure vetted staff collect your documentation and shred it onsite if at all possible.
You should also receive a certificate of destruction for this work.
If you are looking for a third-party data destruction company to destroy any extra data you will need to get rid of as part of the new GDPR requirements, then consider whether or not you have audited their facilities if data is being destroyed offsite.
We can help you ascertain what your data destruction needs are and help you with any questions you may have about the service that we are offering, and how it fits into the current guidelines for businesses today.
Do get in touch and we will find the best solution possible for you, your business and your customers, who are increasingly expecting their data to be protected.